xworm | 953a78c09d4aa7bec811695ab607ae82f3f304273fc53202192a97083cb606b5

Analysis

max time kernel
158s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 16:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBETA3/XcHvYYrNa.exe
Size

35.7MB
MD5

17a5b2e38e52ba783232e01686477307
SHA1

19905670b94997dfbcbccdd3437e3595119d9538
SHA256

f58b4cb63d8d082dd1c6061c4f87f292d194fb7a19c55f6df5ee781431dce31a
SHA512

e7417c40188807f7b5a2facb6bf10813ec7450a82be9b0d47795e519083e484eb5cf045fa1e7b169695b1f56aefd078294969351d83a38e70a099395e93a6951
SSDEEP

786432:/QUiPmbQYUS3jKoNpSaDlLlrfrvacgl8x8MQkEweK:/vs1UuDapLlrmcgCxzP

Score

10^/10

xworm evasion execution persistence rat themida trojan

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%AppData%
install_file
XClient.exe
pastebin_url
https://pastebin.com/raw/cXrVe9uw
telegram
https://api.telegram.org/bot6979293307:AAEOPp5yyNk59nmm3T6LeHhjYWWOLjWSYdU/sendMessage?chat_id=1370207735

Signatures

Detect Xworm Payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\SolaraBETA3.2.exe	family_xworm
behavioral28/memory/4720-20-0x0000000000E40000-0x0000000000E5A000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

XcHvYYrNa.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ XcHvYYrNa.exe
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
execution

PowerShell
T1059.001

Processes:

powershell.exepowershell.exepowershell.exepowershell.exe

pid process

4468 powershell.exe
1104 powershell.exe
4560 powershell.exe
740 powershell.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	XcHvYYrNa.exe

pid	process
4468	powershell.exe
1104	powershell.exe
4560	powershell.exe
740	powershell.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	XcHvYYrNa.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	XcHvYYrNa.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

XcHvYYrNa.exeSolaraBETA3.2.exeSolara.Dir.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	XcHvYYrNa.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	SolaraBETA3.2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\Control Panel\International\Geo\Nation	Solara.Dir.exe

Drops startup file 2 IoCs

Processes:

SolaraBETA3.2.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	SolaraBETA3.2.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk	SolaraBETA3.2.exe

Executes dropped EXE 5 IoCs

Processes:

Solara.Dir.exeSolaraBETA3.2.exeXcHvYYrNa.exeXClient.exeXClient.exe

pid process

2224 Solara.Dir.exe
4720 SolaraBETA3.2.exe
3248 XcHvYYrNa.exe
2596 XClient.exe
400 XClient.exe
Loads dropped DLL 6 IoCs

Processes:

XcHvYYrNa.exe

pid process

3248 XcHvYYrNa.exe
3248 XcHvYYrNa.exe
3248 XcHvYYrNa.exe
3248 XcHvYYrNa.exe
3248 XcHvYYrNa.exe
3248 XcHvYYrNa.exe

pid	process
2224	Solara.Dir.exe
4720	SolaraBETA3.2.exe
3248	XcHvYYrNa.exe
2596	XClient.exe
400	XClient.exe

pid	process
3248	XcHvYYrNa.exe
3248	XcHvYYrNa.exe
3248	XcHvYYrNa.exe
3248	XcHvYYrNa.exe
3248	XcHvYYrNa.exe
3248	XcHvYYrNa.exe

Themida packer 8 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.dll	themida
behavioral28/memory/3248-1953-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1955-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1962-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1964-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1965-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1966-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida
behavioral28/memory/3248-1985-0x0000000180000000-0x0000000180C2E000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SolaraBETA3.2.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XClient = "C:\\Users\\Admin\\AppData\\Roaming\\XClient.exe"	SolaraBETA3.2.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

XcHvYYrNa.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA XcHvYYrNa.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

38 pastebin.com
39 pastebin.com
96 raw.githubusercontent.com
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

33 ip-api.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

XcHvYYrNa.exe

pid process

3248 XcHvYYrNa.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	XcHvYYrNa.exe

flow	ioc
38	pastebin.com
39	pastebin.com
96	raw.githubusercontent.com

flow	ioc
33	ip-api.com

pid	process
3248	XcHvYYrNa.exe

Drops file in Program Files directory 4 IoCs

Processes:

msedgewebview2.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\metadata.pb	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\_metadata\verified_contents.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\manifest.fingerprint	msedgewebview2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

4892 schtasks.exe

pid	process
4892	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

powershell.exepowershell.exepowershell.exepowershell.exeSolaraBETA3.2.exe

pid	process
740	powershell.exe
740	powershell.exe
740	powershell.exe
4468	powershell.exe
4468	powershell.exe
4468	powershell.exe
1104	powershell.exe
1104	powershell.exe
1104	powershell.exe
4560	powershell.exe
4560	powershell.exe
4560	powershell.exe
4720	SolaraBETA3.2.exe
4720	SolaraBETA3.2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

Processes:

msedgewebview2.exe

pid process

4828 msedgewebview2.exe

pid	process
4828	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

SolaraBETA3.2.exepowershell.exepowershell.exepowershell.exepowershell.exeXClient.exeXClient.exe

description	pid	process
Token: SeDebugPrivilege	4720	SolaraBETA3.2.exe
Token: SeDebugPrivilege	740	powershell.exe
Token: SeDebugPrivilege	4468	powershell.exe
Token: SeDebugPrivilege	1104	powershell.exe
Token: SeDebugPrivilege	4560	powershell.exe
Token: SeDebugPrivilege	4720	SolaraBETA3.2.exe
Token: SeDebugPrivilege	2596	XClient.exe
Token: SeDebugPrivilege	400	XClient.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SolaraBETA3.2.exe

pid process

4720 SolaraBETA3.2.exe

pid	process
4720	SolaraBETA3.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

XcHvYYrNa.exeSolaraBETA3.2.exeSolara.Dir.exeXcHvYYrNa.exemsedgewebview2.exe

description	pid	process	target process
PID 3940 wrote to memory of 2224	3940	XcHvYYrNa.exe	Solara.Dir.exe
PID 3940 wrote to memory of 2224	3940	XcHvYYrNa.exe	Solara.Dir.exe
PID 3940 wrote to memory of 4720	3940	XcHvYYrNa.exe	SolaraBETA3.2.exe
PID 3940 wrote to memory of 4720	3940	XcHvYYrNa.exe	SolaraBETA3.2.exe
PID 4720 wrote to memory of 740	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 740	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 4468	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 4468	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 1104	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 1104	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 4560	4720	SolaraBETA3.2.exe	powershell.exe
PID 4720 wrote to memory of 4560	4720	SolaraBETA3.2.exe	powershell.exe
PID 2224 wrote to memory of 3248	2224	Solara.Dir.exe	XcHvYYrNa.exe
PID 2224 wrote to memory of 3248	2224	Solara.Dir.exe	XcHvYYrNa.exe
PID 4720 wrote to memory of 4892	4720	SolaraBETA3.2.exe	schtasks.exe
PID 4720 wrote to memory of 4892	4720	SolaraBETA3.2.exe	schtasks.exe
PID 3248 wrote to memory of 4828	3248	XcHvYYrNa.exe	msedgewebview2.exe
PID 3248 wrote to memory of 4828	3248	XcHvYYrNa.exe	msedgewebview2.exe
PID 4828 wrote to memory of 928	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 928	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe
PID 4828 wrote to memory of 1960	4828	msedgewebview2.exe	msedgewebview2.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\SolaraBETA3\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBETA3\XcHvYYrNa.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3940

C:\Users\Admin\AppData\Local\Temp\Solara.Dir.exe
"C:\Users\Admin\AppData\Local\Temp\Solara.Dir.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe"
3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
PID:3248

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3248.4176.6207702931207447452
4⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:4828

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=122.0.2365.52 --initial-client-data=0x178,0x17c,0x180,0x154,0x1b4,0x7ff9d0222e98,0x7ff9d0222ea4,0x7ff9d0222eb0
5⤵
PID:928

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1828 --field-trial-handle=1840,i,16975995590604349888,4374831759494704140,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:2
5⤵
PID:1960

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2144 --field-trial-handle=1840,i,16975995590604349888,4374831759494704140,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:3
5⤵
PID:2304

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=2392 --field-trial-handle=1840,i,16975995590604349888,4374831759494704140,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
5⤵
PID:1548

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --mojo-platform-channel-handle=3504 --field-trial-handle=1840,i,16975995590604349888,4374831759494704140,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:1
5⤵
PID:4904

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView" --webview-exe-name=XcHvYYrNa.exe --webview-exe-version=1.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --edge-webview-custom-scheme --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=1840,i,16975995590604349888,4374831759494704140,262144 --enable-features=MojoIpcz --variations-seed-version /prefetch:8
5⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\SolaraBETA3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SolaraBETA3.2.exe"
2⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4720

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp\SolaraBETA3.2.exe'
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:740

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'SolaraBETA3.2.exe'
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4468

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1104

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4560

C:\Windows\System32\schtasks.exe
"C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
3⤵
- Creates scheduled task(s)
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4184 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:1256

C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2596

C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:400

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\manifest.fingerprint
Filesize
66B

MD5
ae188b1f37f7bd50c90f281d08c3a517

SHA1
8a08463ec525d115e566595d27215cd7c9f9a3cd

SHA256
052e7b4b7ead9a368360dd1cfa40cd15767d58ca542240f8a81cf2e13ca90059

SHA512
c950c33880da4509087960743154b9dd5f8e21140077dd37b2d475bfc837feb7430e4d207d8dfbccbba317551e8f63f42508545d91ee481107131a58d386e761

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4828_406845695\manifest.json
Filesize
108B

MD5
763e003bcbb80f3c81522cb052addfa0

SHA1
fa672c6fa9ce939d607a1526ca13ec245514b43d

SHA256
e1d24c2bfb4bc07717aa5833146ed55b67c41ef17fb61ef276eff923bb1ec20f

SHA512
41062cf02794548d6df38205fb369d1aa614ac67030cd909b66a23735473f76de1a3c0bcf0895c932bf9b5c506c1d9659745ec84ec52e361881eb474e92e3fea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
59d97011e091004eaffb9816aa0b9abd

SHA1
1602a56b01dd4b7c577ca27d3117e4bcc1aa657b

SHA256
18f381e0db020a763b8c515c346ef58679ab9c403267eacfef5359e272f7e71d

SHA512
d9ca49c1a17580981e2c1a50d73c0eecaa7a62f8514741512172e395af2a3d80aeb0f71c58bc7f52c18246d57ba67af09b6bff4776877d6cc6f0245c30e092d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
50d3033f2bc3a3774c469d03e71a79a9

SHA1
22027b1d52085de99b3bffa276530fea5d961471

SHA256
2987e99ec7fa17bd4ab7de3cb4dc62645e1052012a5a357904d6fc6db9054147

SHA512
ecf7ab1a9e4192454a3e24c60453fd702a8c648e00078fc933b9182f4a3d3c10c6f5da622a5729b35727e6ddc8837029caddcaf76f56e805b9744253b56da5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Filesize
944B

MD5
f0a41fc9c1123bb127e55ecc66c8f052

SHA1
57152411758fa3df2623cc8a4df6d9fea73652f8

SHA256
a4fe2be2c449e841f6a12d32114672b097fc1058b6f2971a03521220a0228745

SHA512
e3e967adac361ddcf8240cf641f3e77eacfefc61dec725b8ae12e6a94f7d2ebd937fb9eb3cd068a0b3d4306e163dc87773b322bc2dd8b7df93b8103d0e99a900

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Microsoft.Web.WebView2.Core.dll
Filesize
488KB

MD5
851fee9a41856b588847cf8272645f58

SHA1
ee185a1ff257c86eb19d30a191bf0695d5ac72a1

SHA256
5e7faee6b8230ca3b97ce9542b914db3abbbd1cb14fd95a39497aaad4c1094ca

SHA512
cf5c70984cf33e12cf57116da1f282a5bd6433c570831c185253d13463b0b9a0b9387d4d1bf4dddab3292a5d9ba96d66b6812e9d7ebc5eb35cb96eea2741348f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Microsoft.Web.WebView2.Wpf.dll
Filesize
43KB

MD5
34ec990ed346ec6a4f14841b12280c20

SHA1
6587164274a1ae7f47bdb9d71d066b83241576f0

SHA256
1e987b22cd011e4396a0805c73539586b67df172df75e3dded16a77d31850409

SHA512
b565015ca4b11b79ecbc8127f1fd40c986948050f1caefdd371d34ed2136af0aabf100863dc6fd16d67e3751d44ee13835ea9bf981ac0238165749c4987d1ae0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Monaco\fileaccess\node_modules\get-intrinsic\.nycrc
Filesize
139B

MD5
d0104f79f0b4f03bbcd3b287fa04cf8c

SHA1
54f9d7adf8943cb07f821435bb269eb4ba40ccc2

SHA256
997785c50b0773e5e18bf15550fbf57823c634fefe623cd37b3c83696402ad0a

SHA512
daf9b5445cfc02397f398adfa0258f2489b70699dfec6ca7e5b85afe5671fdcabe59edee332f718f5e5778feb1e301778dffe93bb28c1c0914f669659bad39c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.eslintrc
Filesize
43B

MD5
c28b0fe9be6e306cc2ad30fe00e3db10

SHA1
af79c81bd61c9a937fca18425dd84cdf8317c8b9

SHA256
0694050195fc694c5846b0a2a66b437ac775da988f0a779c55fb892597f7f641

SHA512
e3eca17804522ffa4f41e836e76e397a310a20e8261a38115b67e8b644444153039d04198fb470f45be2997d2c7a72b15bd4771a02c741b3cbc072ea6ef432e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Monaco\fileaccess\node_modules\hasown\.nycrc
Filesize
216B

MD5
c2ab942102236f987048d0d84d73d960

SHA1
95462172699187ac02eaec6074024b26e6d71cff

SHA256
948366fea3b423a46366326d0bb2e54b08abd1cf0b243678ba6625740c40da5a

SHA512
e36b20c16ceeb090750f3865efc8d7fd983ae4e8b41c30cc3865d2fd4925bf5902627e1f1ed46c0ff2453f076ef9de34be899ef57754b29cd158440071318479

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Monaco\fileaccess\node_modules\vary\LICENSE
Filesize
1KB

MD5
13babc4f212ce635d68da544339c962b

SHA1
4881ad2ec8eb2470a7049421047c6d076f48f1de

SHA256
bd47ce7b88c7759630d1e2b9fcfa170a0f1fde522be09e13fb1581a79d090400

SHA512
40e30174433408e0e2ed46d24373b12def47f545d9183b7bce28d4ddd8c8bb528075c7f20e118f37661db9f1bba358999d81a14425eb3e0a4a20865dfcb53182

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\WebView2Loader.dll
Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\Wpf.Ui.dll
Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.dll
Filesize
5.2MB

MD5
85b0dcb64053e35280477d88e1e05505

SHA1
70ebc4da4ac422bb47c1c49114d935d01848436b

SHA256
0c11716983653fef7d0f403c31429d9730c3c182eecc2e518ab98b4de6dd6730

SHA512
2f79e49f093fd0aaef79cbda75924ddec34a8172182a5cb7ddcde5227897f46e9e55dccf310779918afd1144f2af9a003d58939b5e631ecda147c81b95ad4d64

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe
Filesize
85KB

MD5
5e1bc1ad542dc2295d546d25142d9629

SHA1
dd697d1faceee724b5b6ae746116e228fe202d98

SHA256
9cc1a5b9fd49158f5cca4b28475a518cb60330e0cad98539d2a56d9930bdf9f9

SHA512
dc9dbecec37e47dd756cd00517f1bfe5b27832bd43c77f365defc649922cb7967eb7e5de76d79478b6ebfd99a1cc2e7e6b5119a05a42fd51a1c091b6f00f2456

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\02a1d084-adbb-4db7-8f36-20556ba7ee0a.tmp
Filesize
16KB

MD5
0146c6c7bd6e620b3109edb45b261a79

SHA1
d06753d8f4123661c0bd1358168b4e5fa2c01217

SHA256
61a19a2b09619b892e57006d98f42bb353bc18fa4cd6bc5b4b7b76f370a8c03a

SHA512
13769e63643cef85e56a4ab577ada3d33fb6dee35316aa1760689cee9d70977b815593d58429bcdab677d13701d101f68a104bfbf9434f6d72140650e2c7efe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\BrowserMetrics-spare.pma
Filesize
1.2MB

MD5
2f3e0867e021c09e87f83191e7a19afc

SHA1
a5c6fa33af4e334c67a5d32454878a1c140bb24f

SHA256
3feba69233bdaef088eac89b5f0d9eddfdfc8ba34c09518434440b174979ce8a

SHA512
2e10f7d62b466a29b15f36645a7ec5830ec6ee9a465b06900be1dab277ed0c1111af28766c0ed703b92c7d4bc419c67ba55f78dbd709a180bd6358b2a440b999

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
e42fb5e155de91431c6f2bebb0e36ac8

SHA1
4d3965c049d93c70a7790394fae525693f0a999b

SHA256
4f65232eb33a6ec44f290102fdb2a52bfae50388fc4e60cf40bdc8b52011af23

SHA512
639a88882d1cfd5e7573317fbaca22c159685864041011de1462dc5cefea78bc9078f70a42ef183bcc45a0286689ea8845657d5c9f8b99b9321ad33966902c38

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
c559545fa1e510467f3e44eeb85ad576

SHA1
4b27b08b56d9c49ef9f704701d9be6bb59b7c9f0

SHA256
d7f22a1840c2ffcb77e065346a82c7a6ee0ab63ee5aa6dac48f117f608b77967

SHA512
7552634ef263e4f0c36eac74cc95d81a766eeb875b26e14317c9e4bce817cd7dd95f4d2533d2e98b482abbbc706b05f1cb4bdeea8126adbdc096c98e747e3bb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_0
Filesize
44KB

MD5
80d2a029bfabe5bafd8a6f42010584cf

SHA1
6cde13237e5d89f80b24d3bb8c9cfe29d7b3f1e2

SHA256
a11728340a18f3c1593a94ef69f6dec09452c8c5810401e46aa66cce081c1e33

SHA512
142f048246218be2d57d8301e57c8556e590648e9b193ece15bf8ba2978a7e01e65d21b7d462191d9244664237358d2dab5f3a692afafcbd3c87ab01cb307fd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_1
Filesize
264KB

MD5
56be2a34055dad930fb3417fcf4fda4a

SHA1
6847e5397d76e2f7718ab7a120975a138b12172f

SHA256
b11f8ea60123a14386fcc4d25ee5d844b39c5934942cd26c48330f7d5c2653f6

SHA512
c7c7e01dcfbf5a61fb36a180d816bf99c8922eb370d223272fb4008c0ec9658ba888965ec4bc55db8d418d7404a290a4058b975a420431a2039e2b37a6e5383d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_2
Filesize
1.0MB

MD5
ef4da0c9c4a06c6576fabdc0142860f0

SHA1
dbe662fc48c01f43a9b7268ffd73d4de29f67117

SHA256
e745d821ea961d8a4f3035493ecb9dcb4724bbf9bfad3e8d0151dd1da17d6dcd

SHA512
7ea73d243ed804474435492691006dd12a4cfc5737f58d667a62beb34016cb67311ef1e6e365902a2768f56969802f2eb799bdd7eae269a7fbfbe7dfff5cdcd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\data_3
Filesize
4.0MB

MD5
4a748b9c4c082826408c67b99dd10115

SHA1
80a81153b849bd2144715e9e6424a35e50389eda

SHA256
95dc6a8bb61adfbe172f61bfa1b3db5ece6177cba08430cc218a76d103faa3fb

SHA512
f34551c20aff6a99a698a9461b76c3ad1969660ad0c7a0571c1cf7670a2dc74c160fdcef218b1ff7932e8729cefbd3bfaad89fd0e743b840c5f60e8f8ecaf8ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000001
Filesize
27KB

MD5
2bb63bc961589fa265d96c64959719f1

SHA1
342a2503343edc2693a193eb8cde67296d366c0b

SHA256
e01c8fbda53cd25b4bb153924b4076090139d390727517c60edd4e3b849103a4

SHA512
b2aa26a6cab3d90f5b65a7c617d7b8dcd2332934c38a432837765132fd4803415813d3643b91f008d3a0f855c2856dd8b745258ec6e65ca7153646b089f426e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000002
Filesize
23KB

MD5
55ab99995a2292864c7c11c519642c3b

SHA1
744867443cea56c05d7c3f93848205f052b38e77

SHA256
3f2dc4ef90c9a94734d362e3d6ecd119a86b4be83798e20454a25ce1bf985eca

SHA512
d92378863c378ff11840aa988abdb74e01bd7bef95408052488862efe2e2e9bd8b64b73a79fbc4c14238b43df6bb2d6083336d0469d8fa0e1e5a2575c66eae58

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000003
Filesize
23KB

MD5
a2cc48969e8afdb04f47a74594c4a019

SHA1
3fd3bab70af8e69663b6db49cdac2a8a161b0fa1

SHA256
d7295aba8df61c897b90fa0c1e28e737540bdcd2fd58b52abb7906d6d23717cc

SHA512
76c51dfd06564c9c97b2b1c1806072eb619fc639ea1bcd9c27ab3472ec098ab6e74db5616ecb69acb5218fa3deed57d15a82fdf5757e8a5d5ded022af9340909

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000004
Filesize
164KB

MD5
2b27616c587c24e472219004662ac426

SHA1
0eadf7488e618c4515dd6659299ce9014707c90e

SHA256
8ae6202421d5615f8ce03de0a506c651a3b9082e33e63d2dbaeb9d4ab68d3acd

SHA512
e8d3ea7a478e22cb08c53de5270e9d5050b38809e54797443d086f75b74d1f4a6507e22c7ab91d5b8f61784bf1959e70c8be44f2dbf0974a3b061a7241dc9550

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000005
Filesize
18KB

MD5
885d32cf40294b2d69b2f58bb27468b7

SHA1
c1c9db162121048bf585aa8915ad88c2820d17c4

SHA256
c8545021ffd4b062ea76df6ab092f50a7c0de35d61132769dc7b43afcdb0fc75

SHA512
ee625ed97724a5e4861ef595a962d42e2e9ab935db201fd7a320ac0dffcec82ff11ffd20bdace74a7eaf6d61e1da01a7a9481a0d1cbbd7168d011ce0f9d9ef18

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000006
Filesize
23KB

MD5
435a4fd590eb82d976b39224488e057a

SHA1
21c428bdb0c21b159daaa5afe9d7bd582712e03b

SHA256
8caf1dba6cbd53db7046e5560555f239e7bb255481e80f2f856d30d760f98dad

SHA512
7b826041fe2a088f8b42bf0483f5b6216296dafa10be7debb616904c9b1560fe1714c3343e40cf1a6dea508a3405d2d84e0c0326e2cb8138ea6bf82ffddcfe07

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\f_000007
Filesize
25KB

MD5
5a5602fe5bdfff54ce95f1681d935255

SHA1
518be4e4a4aa33a2e3842b73410906f74fd0a466

SHA256
e567f8a857cb3871c7f2a1c00ae73d85bedea2a79cdac80fba9562b88b0c577a

SHA512
ee79ca8cd5f8d2a0bc5cc7c20c1eba0023e2921c141017173c326648eb5948becdb99cdf2f8b18215a1f44048b4c51954088d6babfc10a66d9fb8757eb792ac9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Cache\Cache_Data\index
Filesize
512KB

MD5
684033fa0e191e889be7b9dff7f51b6b

SHA1
637594ef3f08c80ac91fabb70bb9502f3964f45b

SHA256
7a25ad9d072e079b1b5de62ebe8eb478a70491c745273b81ad28421b16606566

SHA512
b9d67d6d0182ae8baa204155da1111592ab868a5592244c2f9c7a8d8e2668e239549c0d878cff4576a7e9d510c94101e4382266169913b02e18687fbbbcc0b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\History
Filesize
164KB

MD5
ac88d626adf4cca5847a6026163cf9f1

SHA1
4db3175add61237b563842ab06a0c4caa09d3d9d

SHA256
03bd2bb206f9b443f1a61750362acbbd0b11c2a67ac51145e7393687bd847325

SHA512
81516583dfab354389f62556bafba0e2bc601288418951e91b9881eb2055b26a176f2a618eb8cd693a33c4519a92aaf93670a05a1592aeffecf6b576078f3614

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\3c25761f-4637-4a0e-a858-3509ffb2ea72.tmp
Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\Cookies
Filesize
20KB

MD5
26fc054d6e2537d0eefc2adccd8aed48

SHA1
57d91cc39566739e53ee686fdf54a54db586225e

SHA256
f1f4cab488693f20a1daa0d0d9bf8d5f4bd066d939fbcb78e3c1eb5b44582e4d

SHA512
b674081966ad1cf5318e3e86c628c13cdc67bb53cbea5a49992551033fe9730206d7133aaf0535c95a6245a2e20522a9ea9bc7c414a72cf08be8f5c2d81611b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
1KB

MD5
fa79d30764df231ccd725dacf42bcae2

SHA1
89ebb7c1bfbe7aa98f646500426d5b66ea59865c

SHA256
c3266987a558fe1a18b87451d2d37199e3b6bcb31d0734c75ad332b5ef1bc048

SHA512
dc75dcc089ac30d283aa4d59a0c7d63739e3e6525a3a82ef7ed371b9adda90ddf2b2a770f4b93eeba89a0f1ce09db9297d98c329183126accab16512eac70cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\Network Persistent State
Filesize
1KB

MD5
08720c17f91d4e9ca24032428c4fc0a8

SHA1
f369a674e12b9493b974b53a738b723fa6466900

SHA256
74af07897ec4c7acc21dd7d1afad223a87ec619c63dc13433f160148550bb62c

SHA512
29ed93c67aa6d7fd1d0fef8a907cbd1c69c0d92620bf6b0f90588843f7f4e4698b8b098e7504611be5ec576abfa70cad4a9c95ae17827af9a3906fce66b36c52

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\Reporting and NEL
Filesize
36KB

MD5
6f97eceba1adbf98caacc935db893d52

SHA1
0939322b3834c6362a501a969b5a0388c22b26f6

SHA256
af74fe9ce095b5fd1b0879375c60120091ed11f32c8ab7a910d7ab9544e3b8e5

SHA512
78909e91d9f2b74c62766ff32c9bdbd20d7ed810b0262d0a4bac1cc7d96a46c559aec3a63208d994236025f6af90410b567fa207d7ff84fc5c3cb8ca1fb6f63e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Network\TransportSecurity
Filesize
859B

MD5
e392bfbde999ec6e5af491dd10615c58

SHA1
9e1f494fa58797b7c36bded95b1d7bdd4ab45646

SHA256
2946dbbb65440af2c8dc0eba72c2f2d9478fa1ce4f40cdebf07cb8b322ee0bd8

SHA512
99f58cde9356c633a4c8e1c34fffdca7ee49c34082a7ddb32bee034077d2ae858f7dd57c9f8a8497eaff1d752967083786d564ad45d17725e20f8934bd773c56

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
6KB

MD5
e5000b89ab88c145f80467df236f76ac

SHA1
4003dfa4d4408a1e364894b997fdc8c3c50742da

SHA256
4a2f6c8008af067f92470d5e1305ca875ab57459a783b80266829ab10a43647a

SHA512
b3e4ee15b3c77dda9c516aa86f837c244cb9e9f7cb068b9a334e51a1cf6409db70892a5717d7948933cf32a09145febd6c2fe3620ff077a1232c3659fbe08056

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Preferences
Filesize
6KB

MD5
7353d58630b7294509cd4efccfd07ed4

SHA1
7dae98dde5198b0ae557963fff629888c54fffe4

SHA256
fe77cb04c8786a4fc5943792465edb70fe309ad056b52ad534cf2e3c2686ac57

SHA512
cdff42119962c51a7424ad088540ca9e7fc0bc9d257f8ae81dfa7fd00f4ceb6a1aedeea30ffecf0476d4b72dfa75dbb33a76f74312ecc3d0d9986df5c572c7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
19828b647c2fd8ef240ef2957f595852

SHA1
664860f68ffdd3b3116c255347d262f30b03e27a

SHA256
04051979b696546dc10229bfbdeb3faccea8af6278aaa2eb9996d6d75ac768e4

SHA512
f0dd7469d2848a6cc10f6f4535f9de5feb4e60ce1d067eadde2f0960aeff5b65971ae7b153ac061dd6ae1f3f4bf68c020ceaefe6170ca72388094e80e454cb11

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Secure Preferences
Filesize
6KB

MD5
64edde3a2b8e3229712d2f85cf194dd6

SHA1
ae72cc8f877e1a1ef54191811e8047804192864e

SHA256
a2a921a7710dcee4331093bd7b0de1b9cbfdeb0a6d32e7605487a2690236af64

SHA512
ad4874b58b1d758fabf80a89b9360a9e1eae08ce2375c698d0253acaf9766d36768b090b169f5befa29bd36edec8759dce55f74abfe024444b958fe8545c4c90

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\cache\index-dir\the-real-index
Filesize
48B

MD5
a1366c80088e611102dd7d9151e03e53

SHA1
b68ebfe3ac008a56892a4705370ddfcf73fab8e2

SHA256
10bb71ff7c5c50195fc76a6949c4a480f86f7b56c95c17e1c115525dabd34339

SHA512
8408748e5733b640a3e5330b01e05aedbd3094a05ffc71a614c6f64111cc22117fdc85ba6d2fb9002f92ef17dc6716679c0972efd9f3a9f5905119ebc03487f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Shared Dictionary\db
Filesize
44KB

MD5
2ca93b9b4af8d2ce579d69ff7499315d

SHA1
97a062ae757b40c2ce757f6b3abf994a07449a3c

SHA256
aae37c889218b960b2520ad2bce835e55fad618efaf3c297f98a05ac48a72562

SHA512
ec4ef8cf602b1274360d5bb490f4700013a37ee855885bfb2e483feab1425e48a6cd7f8d8071c26cb7ea1bca1b4de905422e8d8e3028ce9f695309ccf45b9a8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Visited Links
Filesize
128KB

MD5
e2bd14a693aa25376e658073b7b3b159

SHA1
6078e0644245bf0e9619e75afdd79db7494ea129

SHA256
a4483103e35ad45f22215557928f1fc3febc92bedb47aacd4172d28480930165

SHA512
2a2177dbf746b0bc3470c69351e7e03c0fc624ba2ceb4599dec94e0c2520cd504c91cb264aa05467c09932c246dc25e42caa0d7782af2e4fac3ce3a86c4f600e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Default\Web Data
Filesize
208KB

MD5
d5537d41eed8f4d419a7225474f0314c

SHA1
1b935eb33666581f3ec3ecc2a7c8306177e8ff3d

SHA256
abfe6af18a4915679d8e649d16e66d8cf1fc118b78504f2881b4ff44a9360408

SHA512
f5d64848147b70384d6e384d36161ab3d7dd397ae560e31e63c38761c973af8c953c4452a2aa67c8e7af0b31ef70643bb8357844e8bd328de206db93c59892ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_1
Filesize
264KB

MD5
55da729ae6c02a0a4358f99ea2bf4456

SHA1
ff8eec736aa91cd28ece44075a2a2391adce7c79

SHA256
fb49010f9ebf6fbf89b1256315d6657cf2801e44de04a200eecd6daa4ef0172b

SHA512
6d6fb768fcbcfa284bb556fa045f8ca12ef267342a18f16df609cd444faf1017ff77252cfe8ccdd34708afe6052903abaf7ce3721d72c0f43033caab33f06f80

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\GraphiteDawnCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Last Version
Filesize
14B

MD5
16a9c8d79fdeb13c84a79de3c4186dc9

SHA1
44bc0ac88212fcadfbf48106b58ec79c1cb78190

SHA256
f4f5e614fd8144e6cb8dc6cae5d7fd50d7116fb153ace6b5e0ce726ec56092bb

SHA512
ba5c225ef250f6da2d0cec0ae85dfc42c21a93bf2afdd26e003661e0a2e017ab91fbb0bd1ce72a0cbdfeb6c16ab0024a210759db231f44908cccb1a81c9e4990

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Local State
Filesize
18KB

MD5
cfd77534545a7874d5c31b74296c0a73

SHA1
6e728eca756715c5e234eb14c23875e2afb6e882

SHA256
b8cc51529426e08ddfa9c0494113de80eeffb17b0415a6ceafbc3254cb480228

SHA512
e52c8492293946a3b7bd363f189888d453f79e2c18da1caf67d8997ab76361305fcea1290dc70ac46b49cafe7e43aa0916d48bcc177605c2ce0dfd59893615dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\ShaderCache\data_1
Filesize
264KB

MD5
7fc199e88cdc756991eb44737cc4a15b

SHA1
04fff27d20a5eb732250e885dbce4247f5db5ac3

SHA256
7f43715f8cf1769a0c87efd5c0a34ade6dd9c70288976d21ee039c067731f6ee

SHA512
6e5187e8df131c86733b59b638d15197fe0df3c6cd7264c6b7c645093bbc61c4de6ae1206925464c4f53eafd53e86c3537cb861783b58fbd83275a79c5929b1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\ShaderCache\index
Filesize
256KB

MD5
e602bbf5d8fcea3ea8d92ca9d6b58270

SHA1
bb7548e13a8b8b66ab23091b2e91b422f8dcff74

SHA256
fa053092eb5052560ff9bc697aef9b7803be0c74e1442c49e2dc5de8578a5086

SHA512
bd3d59a3d68a558e158803aeed6cc88185eb23326afcbbf73bc8ac678e134187b3214710106cffff08b60f873de6c2bf58fe0202547ef57ebc980595ba283c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\TpcdMetadata\2024.4.29.1\metadata.pb
Filesize
31KB

MD5
7b9001fd6a5786c7b7edfa104a1eca5b

SHA1
462bafeca182a3e600ba22eaa1cab15c1a70831c

SHA256
779726531d52eff63d46df72ddcd421921b2e6bb918147a18c2adc28f45e693c

SHA512
f16d79a093c55408b6c118a743c5d77057dc899f5303c55003298fd67256f58200e085d03471f421065db1d3b131393f2e3a96ca71e35c94f1ba7a0569029918

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\XcHvYYrNa.exe.WebView2\EBWebView\Variations
Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\libcurl.dll
Filesize
522KB

MD5
e31f5136d91bad0fcbce053aac798a30

SHA1
ee785d2546aec4803bcae08cdebfd5d168c42337

SHA256
ee94e2201870536522047e6d7fe7b903a63cd2e13e20c8fffc86d0e95361e671

SHA512
a1543eb1d10d25efb44f9eaa0673c82bfac5173055d04c0f3be4792984635a7c774df57a8e289f840627754a4e595b855d299070d469e0f1e637c3f35274abe6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\vcruntime140.dll
Filesize
99KB

MD5
7a2b8cfcd543f6e4ebca43162b67d610

SHA1
c1c45a326249bf0ccd2be2fbd412f1a62fb67024

SHA256
7d7ca28235fba5603a7f40514a552ac7efaa67a5d5792bb06273916aa8565c5f

SHA512
e38304fb9c5af855c1134f542adf72cde159fab64385533eafa5bb6e374f19b5a29c0cb5516fc5da5c0b5ac47c2f6420792e0ac8ddff11e749832a7b7f3eb5c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Solara.Dir\Solara.Dir\zlib1.dll
Filesize
113KB

MD5
75365924730b0b2c1a6ee9028ef07685

SHA1
a10687c37deb2ce5422140b541a64ac15534250f

SHA256
945e7f5d09938b7769a4e68f4ef01406e5af9f40db952cba05ddb3431dd1911b

SHA512
c1e31c18903e657203ae847c9af601b1eb38efa95cb5fa7c1b75f84a2cba9023d08f1315c9bb2d59b53256dfdb3bac89930252138475491b21749471adc129a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solara.Dir.exe
Filesize
35.6MB

MD5
11ef4cfb0a266d8b17b4f8c49d06b075

SHA1
d267e82452fae1be9fc7157a0628b5b2ce10cda3

SHA256
80c1c282000f94620f5cb642306e957dce6de9274d3f6ca659331f9f510c917b

SHA512
0c6af1666b6566a6bd8c16f5e95f0d42fd9b1e097a06ba08359d1bf6c8937b4127ac3fa6d4016346c4c2ab502188d7b28620fd4415cb90b213295effa7256bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\SolaraBETA3.2.exe
Filesize
76KB

MD5
d97b0328a8fafe690029b8548aed7232

SHA1
a86162c5fb5cee5c832fd277f3c7e654b8076fce

SHA256
35f94bd611772c191472cd61fe9b573f65493bb11503577c73d668105ad5e43a

SHA512
9ef25e843c95923ef15dc4efbc86b236f023e8d00b9eef38053f8e872d0ddaf66bb72e6484f2c44273da3f30b3887efa553d479bff27950b9a219f4a319b75fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m2puzk15.1m5.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_4828_IDBOUKPWVZEIWAXN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/740-873-0x000001AC759A0000-0x000001AC759C2000-memory.dmp

Filesize
136KB

Download
memory/740-1489-0x000001AC75A10000-0x000001AC75B5E000-memory.dmp

Filesize
1.3MB

Download
memory/1104-1906-0x000002131C3C0000-0x000002131C50E000-memory.dmp

Filesize
1.3MB

Download
memory/1548-2032-0x00007FF9F4D60000-0x00007FF9F4D61000-memory.dmp

Filesize
4KB

Download
memory/1548-2031-0x00007FF9F4AE0000-0x00007FF9F4AE1000-memory.dmp

Filesize
4KB

Download
memory/1960-2102-0x0000026319EF0000-0x000002631A01A000-memory.dmp

Filesize
1.2MB

Download
memory/1960-2002-0x00007FF9F3E70000-0x00007FF9F3E71000-memory.dmp

Filesize
4KB

Download
memory/3248-1954-0x000001CACDA80000-0x000001CACDBCE000-memory.dmp

Filesize
1.3MB

Download
memory/3248-1956-0x00007FF9D0BE0000-0x00007FF9D0C04000-memory.dmp

Filesize
144KB

Download
memory/3248-1938-0x000001CACDE60000-0x000001CACDEDE000-memory.dmp

Filesize
504KB

Download
memory/3248-1965-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-1964-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-1940-0x000001CAB39F0000-0x000001CAB39FE000-memory.dmp

Filesize
56KB

Download
memory/3248-1962-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-1935-0x000001CACE2B0000-0x000001CACE7EC000-memory.dmp

Filesize
5.2MB

Download
memory/3248-1967-0x000001CACE230000-0x000001CACE238000-memory.dmp

Filesize
32KB

Download
memory/3248-1936-0x000001CACDF20000-0x000001CACDFDA000-memory.dmp

Filesize
744KB

Download
memory/3248-1955-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-1930-0x000001CAB35E0000-0x000001CAB35FA000-memory.dmp

Filesize
104KB

Download
memory/3248-2130-0x000001CACDA80000-0x000001CACDBCE000-memory.dmp

Filesize
1.3MB

Download
memory/3248-1968-0x000001CAD1B60000-0x000001CAD1B98000-memory.dmp

Filesize
224KB

Download
memory/3248-1969-0x000001CACE2A0000-0x000001CACE2AE000-memory.dmp

Filesize
56KB

Download
memory/3248-1953-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-1985-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3248-2087-0x000001CACDA80000-0x000001CACDBCE000-memory.dmp

Filesize
1.3MB

Download
memory/3248-1984-0x000001CACDA80000-0x000001CACDBCE000-memory.dmp

Filesize
1.3MB

Download
memory/3248-1966-0x0000000180000000-0x0000000180C2E000-memory.dmp

Filesize
12.2MB

Download
memory/3940-22-0x0000000000400000-0x00000000027B9000-memory.dmp

Filesize
35.7MB

Download
memory/3940-1-0x0000000000400000-0x00000000027B9000-memory.dmp

Filesize
35.7MB

Download
memory/4468-1658-0x000001F027E30000-0x000001F027F7E000-memory.dmp

Filesize
1.3MB

Download
memory/4560-1928-0x000001F633920000-0x000001F633A6E000-memory.dmp

Filesize
1.3MB

Download
memory/4720-19-0x00007FF9D5323000-0x00007FF9D5325000-memory.dmp

Filesize
8KB

Download
memory/4720-20-0x0000000000E40000-0x0000000000E5A000-memory.dmp

Filesize
104KB

Download
memory/4720-1960-0x00007FF9D5323000-0x00007FF9D5325000-memory.dmp

Filesize
8KB

Download
memory/4904-2066-0x00007FF9F3E70000-0x00007FF9F3E71000-memory.dmp

Filesize
4KB

Download